Interdicting an undesired service is disclosed. For example, a malware service is interdicted. The undesired service is identified. A vulnerability of the undesired service is identified from among a hierarchy of vulnerabilities. The undesired service is interdicted according to the vulnerability. For example, a corresponding action of a vulnerability to interdict the undesired service is performed in the order of the hierarchy until the undesired service is interdicted.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A system for interdicting an undesired service, comprising: a processor configured to identify the undesired service and identify a vulnerability of the undesired service, wherein the identified undesired service is associated with a malicious code, the vulnerability of the identified undesired service has been identified for the identified undesired service after the identified undesired service has been identified; and a communication interface coupled with the processor and configured to interdict the undesired service according to the vulnerability, wherein interdicting the undesired service includes affecting a network capability of the undesired service.
A system identifies and stops unwanted network services, like malware. A processor identifies the unwanted service and finds a weakness (vulnerability) in it. This unwanted service is known to be malicious, and its weakness is identified after the service itself is identified. A communication interface then blocks or disrupts the unwanted service by affecting its network abilities. This could involve shutting it down or preventing it from communicating over the network.
2. The system of claim 1 , wherein the system is not a part of a host hosting the undesired service.
This system for stopping unwanted network services (like malware), which identifies the unwanted service and finds a weakness in it, and then blocks or disrupts it by affecting its network abilities, operates as a separate device or software, not as part of the computer that's running the unwanted service.
3. The system of claim 1 , wherein identifying the vulnerability of the undesired service includes identifying the vulnerability based on whether the undesired service is vulnerable to the vulnerability.
When the system identifies a weakness in an unwanted service, this identification is based on whether the service is actually susceptible to that specific weakness. Meaning, the system checks if the vulnerability is applicable to the identified unwanted service before attempting to exploit it. This helps ensure that the chosen interdiction method is effective.
4. The system of claim 1 , wherein identifying the undesired service includes sending to a communication port of the undesired service a predetermined interrogation packet that invites an expected action and detecting the expected action.
The system identifies the unwanted service by sending a specific, pre-designed message (interrogation packet) to its communication port. This message is designed to trigger a predictable response (expected action). If the system detects this expected response, it confirms the presence and identity of the unwanted service.
5. The system of claim 1 , wherein affecting the network capability of the undesired service includes stopping the undesired service.
When the system affects the network capability of an unwanted service, this can involve completely stopping the unwanted service from running. This means terminating its process or preventing it from executing any further actions.
6. The system of claim 1 , wherein affecting the network capability of the undesired service includes disabling a network communication of the undesired service.
When the system affects the network capability of an unwanted service, this includes preventing the unwanted service from sending or receiving any data over the network. This effectively isolates the unwanted service.
7. The system of claim 1 , wherein affecting the network capability of the undesired service includes disabling a network communication of a host hosting the undesired service.
When the system affects the network capability of an unwanted service, this includes preventing the entire computer (host) that's running the unwanted service from communicating over the network. This effectively isolates the host and the unwanted service.
8. The system of claim 1 , wherein affecting the network capability of the undesired service includes providing a termination command to the undesired service.
When the system affects the network capability of an unwanted service, this includes sending a direct instruction (termination command) to the unwanted service, telling it to shut down or exit.
9. The system of claim 1 , wherein affecting the network capability of the undesired service includes identifying the undesired service to a host protection program operating on a host of the undesired service.
When the system affects the network capability of an unwanted service, this includes reporting the unwanted service to a security program (host protection program) that's running on the same computer as the unwanted service. This allows the security program to take further action.
10. The system of claim 1 , wherein affecting the network capability of the undesired service includes performing a denial of service attack on the undesired service to deny an operation of a malware.
When the system affects the network capability of an unwanted service, this includes overwhelming the unwanted service with requests or traffic, preventing it from functioning correctly (denial of service attack). This can disrupt the operation of malware.
11. The system of claim 1 , wherein affecting the network capability of the undesired service includes attempting to occupy all available network connections of the undesired service.
When the system affects the network capability of an unwanted service, this includes attempting to use up all available network connections of the unwanted service. By saturating the service with connection requests, it prevents the service from accepting new connections or performing its intended function.
12. The system of claim 1 , wherein affecting the network capability of the undesired service includes reducing a communication rate of the undesired service.
When the system affects the network capability of an unwanted service, this includes slowing down the rate at which the unwanted service can send or receive data. This can disrupt its functionality and make it less effective.
13. The system of claim 1 , wherein affecting the network capability of the undesired service includes performing one or more of the following actions to a host hosting the undesired service: expiring an IP address of the host, informing the host that a router is unreachable, instructing a router to disconnect the host, spoofing the host to cause a router to disconnect the host, and isolating the host from network communication.
When the system affects the network capability of an unwanted service, this includes taking one or more actions against the computer (host) running the unwanted service: causing the host's IP address to expire, notifying the host that its router is unreachable, instructing the router to disconnect the host, tricking the host so the router disconnects it, or completely isolating the host from network communication.
14. A method for interdicting an undesired service, comprising: identifying the undesired service; using a processor to identify a vulnerability of the undesired service, wherein the identified undesired service is associated with a malicious code, the vulnerability of the identified undesired service has been identified for the identified undesired service after the identified undesired service has been identified; and interdicting the undesired service according to the vulnerability, wherein interdicting the undesired service includes affecting a network capability of the undesired service.
A method identifies and stops unwanted network services, like malware. First, the unwanted service is identified. Then, a processor finds a weakness (vulnerability) in it. This unwanted service is known to be malicious, and its weakness is identified after the service itself is identified. The unwanted service is then blocked or disrupted based on its vulnerability, affecting its network capabilities.
15. The method of claim 14 , wherein identifying the undesired service includes sending to a communication port of the undesired service a predetermined interrogation packet that invites an expected action and detecting the expected action.
The method for stopping unwanted network services (like malware) where the unwanted service is identified, its vulnerability is found, and it's blocked by affecting its network abilities, identifies the unwanted service by sending a specific message to its communication port, designed to trigger a predictable response. Detecting this response confirms the identity of the unwanted service.
16. The method of claim 14 , wherein affecting the network capability of the undesired service includes disabling a network communication of a host hosting the undesired service.
In the method for stopping unwanted network services (like malware) where the unwanted service is identified, its vulnerability is found, and it's blocked by affecting its network abilities, affecting its network capability includes preventing the computer running the unwanted service from communicating on the network.
17. The method of claim 14 , wherein affecting the network capability of the undesired service includes performing a denial of service attack on the undesired service to deny an operation of a malware.
In the method for stopping unwanted network services (like malware) where the unwanted service is identified, its vulnerability is found, and it's blocked by affecting its network abilities, affecting its network capability includes overwhelming the unwanted service with requests, preventing it from functioning correctly, disrupting malware operations.
18. The method of claim 14 , wherein affecting the network capability of the undesired service includes attempting to occupy all available network connections of the undesired service.
In the method for stopping unwanted network services (like malware) where the unwanted service is identified, its vulnerability is found, and it's blocked by affecting its network abilities, affecting its network capability includes attempting to use all available network connections of the unwanted service, preventing it from accepting new connections.
19. The method of claim 14 , wherein affecting the network capability of the undesired service includes reducing a communication rate of the undesired service.
In the method for stopping unwanted network services (like malware) where the unwanted service is identified, its vulnerability is found, and it's blocked by affecting its network abilities, affecting its network capability includes slowing down the rate at which the unwanted service can send or receive data, disrupting its functionality.
20. A computer program product for interdicting an undesired service, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for: identifying the undesired service; identifying a vulnerability of the undesired service, wherein the identified undesired service is associated with a malicious code, the vulnerability of the identified undesired service has been identified for the identified undesired service after the identified undesired service has been identified; and interdicting the undesired service according to the vulnerability, wherein interdicting the undesired service includes affecting a network capability of the undesired service.
A computer program, stored on a non-transitory medium, stops unwanted network services, like malware. The program identifies the unwanted service, then finds a weakness (vulnerability) in it. This unwanted service is known to be malicious, and its weakness is identified after the service itself is identified. Finally, the program blocks or disrupts the unwanted service based on its vulnerability, affecting its network capabilities.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
July 20, 2015
June 20, 2017
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.